Intermediate Cybersecurity Risk & Compliance Consultant

Intermediate Cybersecurity Risk & Compliance Consultant

Category: Cyber Security
City: Ottawa, Vancouver, Toronto, Halifax, Calgary, Canada
Position ID: J0721-2256
Employment Type: Full Time

Position Description:

We are reaching out to Cybersecurity Risk and Compliance candidates to become part of the CGI team. Join a Global organization offering a diversity of rewarding challenges!
Our employees work on highly dynamic, exciting and fast-paced IT projects. As a trusted partner to our clients, you will work as an integral part of a larger cybersecurity team fully invested in the mission of delivering the most appropriate and effective cybersecurity for our clients across Canada.

The Intermediate Cybersecurity Risk & Compliance Consultant is an experienced cybersecurity practitioner who will apply their expert knowledge and experience as follows:
•Participate as a cybersecurity consultant as part of larger capability deployment team to define, address and validate the fulfilment of security measures intended to fulfil the client’s security requirements;
•Assess client enterprise environments, systems, policies, governance and procedures to identify gaps and variances from recognized cybersecurity best practices and provide sound recommendations for remediation;
•Alone or as part of a team, develop security and risk related documentation to establish or improve the client’s cybersecurity program;
•Conduct the full span of security accreditation and authorization activities to allow clients to implement trusted operations on environments, systems and services within a balanced and managed level of acceptable risk; and
•Create and deliver presentations and/or discuss technical options and solutions with clients, inspiring confidence and forming strong trusted relationships between CGI and our clients.

Your future duties and responsibilities:

•Conduct security risk and compliance assessments of client enterprise systems and environments to determine cybersecurity vulnerabilities and risks;
•Develop security test plans, test cases, gather and validate test results against compliance requirements;
•Conduct required information gathering through interviews, workshops, questionnaires and documentary evidence;
•Provide cybersecurity analysis of information gathered to identify vulnerabilities, risks and compliance gaps;
•Provide recommendations to reduce residual risks to levels that are prudent and acceptable to the client;
•Either alone, or as part of a team, conduct IT certification assessments to meet requirements outlined in security standards and achieve accreditation and/or Authority To Operate, including Security Assessment & Authorization (SA&A) activities under the ITSG-33 methodology;
•Create tailored cybersecurity governance frameworks, policies, standards, training and compliance assurance documentation in support of the client’s cybersecurity program; and
•Create reports and presentations of a high standard, demonstrating excellent communications skills in English (mandatory) and French (desirable).

Required qualifications to be successful in this role:

•Minimum six years of directly relevant cybersecurity risk management experience;
•Sound objective knowledge of security topologies, network security best practices and the application of suitable security safeguards;
•A sound knowledge of security monitoring and response capabilities in conventional, Cloud and hybrid environments;
•A strong understanding and experience with common security standards and frameworks, including but not limited to NIST SP 800-53, ISO 27001/2, PCI, GDPR, SCADA, SWIFT, etc;
•Sound knowledge of Government of Canada security guidelines and standards, including but not limited to ITSG-33 and the technical control requirements of the Security Assessment & Authorization (SA&A) process;
•Experience working with proposals and RFP submissions, including estimating effort, cost and schedules
•Demonstrated ability for analytical thinking and self-directed research in cybersecurity topics;
•Ability to obtain a Government of Canada security clearance to Reliability status (Level II – Secret preferred);
•A strong ability to collaborate and be part be part of an effective team; and
•Ability to speak, write and communicate clearly and effectively in fluent English.

The following are highly desirable:
•Effective written and verbal communication skill in French;
•Training and certification in Cloud environments, especially those related to Cloud governance and security; and
•The ability to obtain a Government of Canada Secret (Level II) security clearance.


  • Architecture
  • Cyber
  • NIST

What you can expect from us:

Build your career with us.

It is an extraordinary time to be in business. As digital transformation continues to accelerate, CGI is at the center of this change—supporting our clients’ digital journeys and offering our professionals exciting career opportunities.

At CGI, our success comes from the talent and commitment of our professionals. As one team, we share the challenges and rewards that come from growing our company, which reinforces our culture of ownership. All of our professionals benefit from the value we collectively create.

Be part of building one of the largest independent technology and business services firms in the world.

Learn more about CGI at

No unsolicited agency referrals please.

CGI is an equal opportunity employer. In addition, CGI is committed to providing accommodations for people with disabilities in accordance with provincial legislation. Please let us know if you require a reasonable accommodation due to a disability during any aspect of the recruitment process and we will work with you to address your needs.